Advantages in terms of ease of installation and use of wireless connections, the low cost of hardware equipment, and good performance, with maximum bit rates comparable to those of wired data communication networks, have favored, over recent years, the wide spread of Wireless Local Area Networks (Wireless LANs or WLANs).
Most WLAN deployments comply with the IEEE 802.11 standard, commonly called “Wi-Fi”, a short term for “Wireless Fidelity”. The IEEE 802.11 standard, available on the Internet for download via the URL: http://standards.ieee.org/getieee802/802.11.html (at the filing date of the present patent application), specifies the Medium Access Control (MAC) and physical (PHY) layers for devices capable of operation in the unlicensed Industrial, Scientific, and Medical (ISM) radio bands (2.4 GHz and 5 GHz).
WLANs are however inherently less secure than conventional wired LANs, for the reason that they use radio as the communication medium. In a wireless network it is hard to control the exact extension range of the network; in the case of a company's WLAN, for example, the radio signal can easily get over the boundary of the company site, and an attacker, with a suitable antenna, can passively monitor (“sniff”, in jargon) network traffic without needing to access the network either physically or logically.
To increase the network security, the IEEE 802.11 standardization group has defined an amendment to the original IEEE 802.11 standard, called IEEE 802.11i and commercially known as Wi-Fi Protected Access (WPA), which establishes a new security standard for Wi-Fi networks.
As known in the art, the IEEE 802.11i standard relies on a port-based network access-control mechanism established in another, independent standard called IEEE 802.1X (IEEE standard for local and metropolitan area networks—port-based network exchange) for authentication and key distribution.
The IEEE 802.1X relies on the Extensible Authentication Protocol (EAP—specified in the Request For Comment 3748, downloadable at www.ietf.org/rfc/rfc3748.txt at the filing date of the present patent application), an Internet Engineering Task Force (IETF) standard that defines a general-purpose authentication protocol built around a “challenge-response” communication paradigm, to support a wide variety of authentication mechanisms (called “EAP-types”). Moreover, the IEEE 802.1X includes a procedure for dynamic derivation of keys, on a per client and per session basis, embedded in the authentication method.
Summarizing, the IEEE 802.11i standard establishes that, after performing the IEEE 802.1X authentication procedure, a key-agreement sequence based on messages of the type EAP Over LAN (EAPOL)-key takes place according to which, by means of a four-way handshake, a session encryption key can be derived starting from a Master Session Key (MSK).
Without any pretence to completeness (being concepts per-se known in the art), the “actors” of the IEEE 802.1X framework are the “supplicant”, the “authenticator” and the “authentication server”.
The supplicant is an entity, e.g. a wireless user terminal that seeks to be authenticated by an authenticator, e.g., an Access Point (AP) of the wireless network. The supplicant, wishing to use a service (MAC connectivity) offered via a port on the authenticator, needs to be authenticated via the authenticator to a central authentication server, which directs the authenticator about how to provide the service after successful authentication.
The authenticator has two ports of access to the network: an “uncontrolled” port, always open to the transit of authentication messages, and a “controlled” port that is only opened if the authentication procedure succeeds. At the end of the authentication procedure, the authenticator receives from the authentication server the encryption keys, per client and per session, for the subsequent data radio communications with the supplicant.
The authentication server is an entity that provides an authentication service to one or more authenticators; it can be for example a RADIUS (Remote Authentication Dial-In User Service) server, a Kerberos server, a Diameter server etc.
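The key derivation summarized above (a session key derived from the Master Session Key through the EAPOL-key four-way handshake) is shown here as an added worked example, not code from the patent text. It follows the IEEE 802.11i key hierarchy: the PMK is the first 256 bits of the MSK delivered by the authentication server, and the PTK is obtained with the standard's HMAC-SHA1-based PRF from the PMK, both MAC addresses and the two handshake nonces. The MSK, MAC addresses and nonces are constructed sample values, not values from the page.

```python
import hmac
import hashlib

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for
    i = 0, 1, ..., concatenated and truncated to nbits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]

def pmk_from_msk(msk: bytes) -> bytes:
    """The Pairwise Master Key is the first 256 bits of the MSK produced by
    the EAP method and handed to the authenticator by the AAA server."""
    return msk[:32]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes,
               snonce: bytes, nbits: int = 384) -> bytes:
    """Pairwise Transient Key from the four-way handshake inputs.
    Addresses and nonces are ordered with min/max so that supplicant and
    authenticator compute exactly the same PTK regardless of which side
    they are on. 384 bits covers KCK (128) || KEK (128) || TK (128) for CCMP."""
    data = (min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbits)

def split_ptk(ptk: bytes) -> dict:
    """Split the PTK into the key-confirmation, key-encryption and temporal keys."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

# Constructed sample values (not from the page): a 64-byte MSK, two locally
# administered MAC addresses and two 32-byte nonces.
MSK = bytes(range(64))
AA = bytes.fromhex("020000000001")     # authenticator (AP) MAC address
SPA = bytes.fromhex("020000000002")    # supplicant (terminal) MAC address
ANONCE = b"\x11" * 32
SNONCE = b"\x22" * 32

def handshake_both_sides() -> bool:
    """Authenticator and supplicant each derive the PTK from their own view of
    the inputs; the fresh nonces make the session key unique per association,
    which is why a full 802.1X run is needed again on every handoff unless the
    PMK is made available to the new access point in advance."""
    pmk = pmk_from_msk(MSK)
    ptk_ap = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    ptk_sta = derive_ptk(pmk, SPA, AA, SNONCE, ANONCE)
    return ptk_ap == ptk_sta

if __name__ == "__main__":
    print("both sides agree on the PTK:", handshake_both_sides())
```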
The implementation of the IEEE 802.11i standard has an impact on the management of the mobility of the wireless terminals, and particularly on the handoff procedures, i.e. those procedures managing the change of the point of access to the wireless network (change of access point) by a moving wireless terminal. Essentially, unlike in the original IEEE 802.11 standard, in the IEEE 802.11i standard the authentication sequence takes place after the association procedure, and this has a strong impact on the time required for the handoff.
According to the IEEE 802.11 standard, an authentication procedure towards the new access point is first performed, followed by an association procedure with the new access point and, as a consequence, the de-association from the old access point.
The adoption of the IEEE 802.11i standard has the consequence that the 802.1X authentication procedure is performed after the open authentication and association procedure. Due to this, the computational burden inherent to the 802.1X authentication mechanism falls entirely within the handoff, and this prevents the handoff procedure from being sped up while retaining a strong (i.e., computationally intensive) authentication method; in other words, as long as the authentication method is kept strong, so as to ensure a high level of security, it is inherently computationally intensive, and the handoff procedure thus takes a relatively long time.
The problem of reducing the time necessary to manage the handoff has already been addressed.
For example, the standardization group IEEE 802.11f (“Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation”) has proposed a solution exploiting the Inter-AP communication protocol (IAPP), whose aim is to maintain a secure association in respect of each wireless terminal, and to let such information be exchanged in a secure way by the APs involved in a handoff.
A different approach, based on proactive key distribution, is proposed in the submission by A. Mishra et al. “Proactive Key Distribution to support Fast Handoff and secure roaming”, available at http://www.drizzle.com/~aboba/IEEE/ (at the filing date of the present application): once the mobile terminal completes an initial full authentication, the AAA server determines the neighbors of the associated AP and notifies them that a specific mobile terminal may roam into the coverage area of the neighboring APs. An AP may then decide to request the security association from the AAA server.
US 2004/0240412 describes a method for pre-authenticating and pre-establishing key management on a roaming device prior to re-association, to facilitate fast handoff.
In the context of Secure Nomadic Wireless Networks (SNOWNET), US 2004/0103275 discloses a solution in which the handoff of a wireless terminal is managed through a public-key mechanism.